From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.
---
 server/plugins-available/mailman_plugin.inc.php | 18 +++++++++++-------
 1 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/server/plugins-available/mailman_plugin.inc.php b/server/plugins-available/mailman_plugin.inc.php
index fd2fa7a..7e6eaf2 100644
--- a/server/plugins-available/mailman_plugin.inc.php
+++ b/server/plugins-available/mailman_plugin.inc.php
@@ -73,9 +73,9 @@
 $this->update_config();
- exec("/usr/lib/mailman/bin/newlist -u ".escapeshellcmd($data["new"]["domain"])." -e ".escapeshellcmd($data["new"]["domain"])." ".escapeshellcmd($data["new"]["listname"])." ".escapeshellcmd($data["new"]["email"])." ".escapeshellcmd($data["new"]["password"])."");
+ exec("nohup /usr/lib/mailman/bin/newlist -u ".escapeshellcmd($data["new"]["domain"])." -e ".escapeshellcmd($data["new"]["domain"])." ".escapeshellcmd($data["new"]["listname"])." ".escapeshellcmd($data["new"]["email"])." ".escapeshellcmd($data["new"]["password"])." >/dev/null 2>&1 &");
- exec($conf['init_scripts'] . '/' . 'mailman reload &> /dev/null');
+ exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &');
 $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ".$app->db->quote($data["new"]['mailinglist_id']));
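Review bot: The rewritten `newlist` call still builds every argument with `escapeshellcmd()`, which escapes shell metacharacters but does not quote the value, so a domain, list name, e-mail address or password that contains a space is split into several arguments and one that starts with `-` is read as an option. Each value should be quoted on its own, for example `escapeshellarg($data["new"]["listname"])`; the `change_pw` and `rmlist` calls in the hunks at -86 and -97 have the same problem. The password is also passed on the command line, where it is visible in the process list while the command runs; handing it over another way (stdin or a file) would avoid that if the installed tool supports it. The enclosing function starts and ends outside the hunk.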
@@ -86,8 +86,8 @@
 global $app, $conf;
 if($data["new"]["password"] != $data["old"]["password"] && $data["new"]["password"] != '') {
- exec("/usr/lib/mailman/bin/change_pw -l ".escapeshellcmd($data["new"]["listname"])." -p ".escapeshellcmd($data["new"]["password"])."");
- exec($conf['init_scripts'] . '/' . 'mailman reload &> /dev/null');
+ exec("nohup /usr/lib/mailman/bin/change_pw -l ".escapeshellcmd($data["new"]["listname"])." -p ".escapeshellcmd($data["new"]["password"])." >/dev/null 2>&1 &");
+ exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &');
 $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ".$app->db->quote($data["new"]['mailinglist_id']));
 }
 }
@@ -97,9 +97,9 @@
 $this->update_config();
- exec("/usr/lib/mailman/bin/rmlist -a ".escapeshellcmd($data["old"]["listname"]));
+ exec("nohup /usr/lib/mailman/bin/rmlist -a ".escapeshellcmd($data["old"]["listname"])." >/dev/null 2>&1 &");
- exec($conf['init_scripts'] . '/' . 'mailman reload &> /dev/null');
+ exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &');
 }
@@ -113,7 +113,11 @@
 $server_config = $app->getconf->get_server_config($conf['server_id'], 'server');
 // load files
- $content = file_get_contents($conf["rootpath"]."/conf/mm_cfg.py.master");
+ if(file_exists($conf["rootpath"]."/conf-custom/mm_cfg.py.master")) {
+ $content = file_get_contents($conf["rootpath"]."/conf-custom/mm_cfg.py.master");
+ } else {
+ $content = file_get_contents($conf["rootpath"]."/conf/mm_cfg.py.master");
+ }
 $old_file = file_get_contents($this->mailman_config_dir."/mm_cfg.py");
 $old_options = array();
-- Gitblit v1.9.1
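Review bot: Putting `change_pw` in the background with a trailing `&` makes `exec()` return before the command has run, so the `mailman reload` on the next line can start before the password change has finished, and the following `UPDATE mail_mailinglist SET password = ''` clears the stored password whether or not `change_pw` succeeded. With stdout and stderr sent to `/dev/null` and no exit status collected, a failure leaves no trace. Consider running the list command in the foreground and gating the rest on its result, `exec($cmd, $out, $rc); if($rc === 0) { ... }`, and backgrounding only the reload if the delay is what the change is meant to avoid. The `newlist` hunk at -73 has the same sequence, and the `rmlist` hunk at -97 has the same ordering problem between the command and the reload.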
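Review bot: Neither `file_get_contents()` call in the hunk at -113 has its result checked, so a `conf-custom/mm_cfg.py.master` that exists but cannot be read leaves `$content` as `false`; how the rest of the function uses it is outside the hunk, but it presumably becomes the basis of the new `mm_cfg.py`. Resolving the template path once and testing the read covers both branches, e.g. `if($content === false) return;` after the read, together with whatever logging the plugin normally uses. Mailman loads `mm_cfg.py` as Python, so the override location deserves a comment above the `if`, such as `// conf-custom overrides the shipped template; keep the directory root-owned and not writable by others`.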